Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/R9s8eoqtDt5gTgmzzdWw4WYx8uc.roa
File:                     R9s8eoqtDt5gTgmzzdWw4WYx8uc.roa (raw, json)
Hash identifier:          nUsgFERG+PircV2gvkAq+cdBQplGntLvfyJRP3snxuU=
Subject key identifier:   47:DB:3C:7A:8A:AD:0E:DE:60:4E:09:B3:CD:D5:B0:E1:66:31:F2:E7
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019C666139BDC99CDC603393E4FFF0F36D12
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/R9s8eoqtDt5gTgmzzdWw4WYx8uc.roa
Signing time:             Mon 16 Feb 2026 12:16:13 +0000
ROA not before:           Mon 16 Feb 2026 12:16:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201995
IP address blocks:        45.80.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:66:61:39:bd:c9:9c:dc:60:33:93:e4:ff:f0:f3:6d:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Feb 16 12:16:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=47db3c7a8aad0ede604e09b3cdd5b0e16631f2e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:52:41:c0:b3:fe:cc:5b:c8:90:30:a5:80:31:
                    67:8f:2c:8b:e1:8f:b8:20:76:60:9c:71:31:b6:f3:
                    72:83:73:a7:bf:17:5a:96:de:b5:8a:1c:20:f8:07:
                    7b:cd:b8:81:e8:7e:9f:6d:0b:71:59:24:d0:c5:db:
                    3c:13:fc:71:32:95:94:da:d1:e8:f4:b2:8b:a8:12:
                    6c:7d:4d:b9:d6:f8:4d:3a:de:82:25:0b:66:af:5f:
                    74:2c:a2:97:a3:53:ab:98:f3:38:d2:c7:ac:82:8a:
                    61:8a:f1:5b:79:78:cd:08:d8:16:74:0c:40:cd:d8:
                    45:ea:fa:f9:f0:fa:47:6c:6d:78:b4:d4:20:4c:9a:
                    11:0f:fc:65:f4:b2:87:91:92:c2:3b:b7:a8:62:b9:
                    c3:b0:06:db:84:be:aa:62:40:03:76:f5:aa:0c:29:
                    d0:03:ba:19:8c:f6:59:7f:22:ce:5a:be:1b:15:2d:
                    44:4b:19:a3:6e:99:1f:e1:54:0e:7f:66:8d:d7:02:
                    f4:0b:00:37:6f:7b:92:16:fc:80:f3:a0:2c:64:99:
                    d8:dc:71:24:7f:57:d8:0b:ea:e3:47:59:51:a4:2c:
                    cc:de:6d:eb:2d:e6:22:93:14:cf:68:61:26:65:c4:
                    fd:f7:aa:a3:9e:42:d7:24:2e:72:67:e7:b0:30:3a:
                    ab:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:DB:3C:7A:8A:AD:0E:DE:60:4E:09:B3:CD:D5:B0:E1:66:31:F2:E7
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/R9s8eoqtDt5gTgmzzdWw4WYx8uc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:bc:0c:ce:05:82:fd:b4:3d:40:ac:57:1d:fd:4a:23:31:16:
         ca:72:56:e0:0d:ab:b9:37:88:3c:7e:d2:c6:bb:7e:61:ac:de:
         37:f3:ea:3c:9e:b6:cb:e9:a4:3e:ed:f0:71:1c:ab:94:43:af:
         90:f1:b7:60:ea:33:e0:ef:66:69:34:1c:86:0e:a1:e1:25:f7:
         30:46:19:cb:f2:2b:c7:39:20:15:30:98:fb:d2:6b:1b:18:40:
         f1:99:1c:bd:92:f0:60:b5:54:c6:2c:81:b0:d6:5e:5d:cc:ad:
         86:b9:c5:ae:7c:c4:7f:b8:73:85:f3:67:03:b6:b9:44:f3:20:
         7b:f8:d0:5a:e4:1e:c4:57:4f:18:53:e2:06:38:43:7e:14:7c:
         d5:40:b8:bc:36:6a:79:24:c8:ce:a4:d3:64:f3:fe:44:0a:e1:
         ed:ff:57:36:27:a0:41:26:6f:a9:41:36:54:b7:3d:23:b8:b2:
         0e:4e:41:05:5a:aa:ae:9c:d1:8f:52:00:26:f6:d7:03:e1:17:
         7b:ee:4e:c3:b6:83:d1:12:c2:11:32:8b:f4:84:cb:ea:f5:84:
         91:bc:aa:6b:f3:6b:f2:8f:c9:9c:7f:9d:cc:3a:da:87:a5:ee:
         7a:42:97:02:38:22:65:92:86:6a:39:5a:64:c8:d2:9c:3b:6f:
         25:29:5a:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxmYTm9yZzcYDOT5P/w820SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjYwMjE2MTIxNjEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2RiM2M3YThhYWQwZWRlNjA0ZTA5YjNjZGQ1YjBlMTY2MzFmMmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsVJBwLP+zFvIkDClgDFnjyyL4Y+4
IHZgnHExtvNyg3Onvxdalt61ihwg+Ad7zbiB6H6fbQtxWSTQxds8E/xxMpWU2tHo
9LKLqBJsfU251vhNOt6CJQtmr190LKKXo1OrmPM40sesgophivFbeXjNCNgWdAxA
zdhF6vr58PpHbG14tNQgTJoRD/xl9LKHkZLCO7eoYrnDsAbbhL6qYkADdvWqDCnQ
A7oZjPZZfyLOWr4bFS1ESxmjbpkf4VQOf2aN1wL0CwA3b3uSFvyA86AsZJnY3HEk
f1fYC+rjR1lRpCzM3m3rLeYikxTPaGEmZcT996qjnkLXJC5yZ+ewMDqrgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEfbPHqKrQ7eYE4Js83VsOFmMfLnMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvUjlzOGVvcXREdDVnVGdtenpkV3c0V1l4OHVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVCcMA0G
CSqGSIb3DQEBCwUAA4IBAQAyvAzOBYL9tD1ArFcd/UojMRbKclbgDau5N4g8ftLG
u35hrN438+o8nrbL6aQ+7fBxHKuUQ6+Q8bdg6jPg72ZpNByGDqHhJfcwRhnL8ivH
OSAVMJj70msbGEDxmRy9kvBgtVTGLIGw1l5dzK2GucWufMR/uHOF82cDtrlE8yB7
+NBa5B7EV08YU+IGOEN+FHzVQLi8Nmp5JMjOpNNk8/5ECuHt/1c2J6BBJm+pQTZU
tz0juLIOTkEFWqqunNGPUgAm9tcD4Rd77k7DtoPREsIRMov0hMvq9YSRvKpr82vy
j8mcf53MOtqHpe56QpcCOCJlkoZqOVpkyNKcO28lKVot
-----END CERTIFICATE-----